---
title: SonarQube Reviews
meta_title: 'SonarQube Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 153 reviews by the users' company size, role or industry
  to find out how SonarQube works for a business like yours.
aggregate_rating:
  rating_value: 4.4
  review_count: 153
  scale: '5'
date_modified: '2026-07-15'
parent_category:
  name: "DevSecOps\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t"
  url: https://www.g2.com/categories/devsecops
---

# SonarQube Reviews
**Vendor:** SonarSource Sàrl  
**Category:** [Static Code Analysis Tools](https://www.g2.com/categories/static-code-analysis)  
**Average Rating:** 4.4/5.0  
**Total Reviews:** 153
## About SonarQube
Sonar, the industry standard for code verification and automated code review, helps reduce outages, improve security, and lower risks associated with AI and agentic coding. As an independent verification platform, Sonar enables organizations to securely develop at the speed of AI. Sonar is the foundation for high-performance software engineering, analyzing over 750 billion lines of code daily to ensure applications are secure, reliable, and maintainable. Rooted in the open source community, Sonar is trusted by 7M+ developers globally, including teams at ServiceNow, Booking.com, Deutsche Bank, AstraZeneca, and Ford Motor Company.



## SonarQube Pros & Cons
**What users like:**

- Users value SonarQube for its ability to **efficiently flag code quality and security issues** , ensuring a clean and reliable codebase. (24 reviews)
- Users appreciate the **flexible issue filtering and prioritization** features of SonarQube, enhancing focus and communication. (20 reviews)
- Users value the **issue identification** feature of SonarQube, enhancing focus on high-priority problems and improving development processes. (19 reviews)
- Users appreciate the **ease of use** of SonarQube, benefiting from automated quality checks integrated into their development workflows. (18 reviews)
- Users appreciate the **easy integrations** with CI/CD tools, enhancing their workflow and overall development process. (18 reviews)
- Users value the **seamless integration** of SonarQube with CI/CD pipelines, enhancing code quality management effortlessly. (18 reviews)
- Security (15 reviews)
- Vulnerability Detection (15 reviews)
- Code Review (12 reviews)
- Integration Support (12 reviews)

**What users dislike:**

- Users experience **software bugs** including false positives and high RAM usage, complicating usage and requiring advanced knowledge. (12 reviews)
- Users find the **configuration process complex** , often requiring extensive knowledge and still resulting in numerous warnings. (10 reviews)
- Users report frequent **false positives** that complicate the analysis process, affecting the overall usability of SonarQube. (10 reviews)
- Users find SonarQube&#39;s **configuration complexity** and overwhelming warnings to be challenging, affecting their overall experience. (8 reviews)
- Users find the **complex setup** of SonarQube challenging, especially for beginners, often leading to frustrating experiences. (8 reviews)
- Users often face **integration issues** with SonarQube, particularly in connecting to GitLab and navigating its complexities. (8 reviews)
- Users find SonarQube&#39;s **limited features** frustrating, particularly with restrictions on scanning and analysis capabilities. (8 reviews)
- Users note that the **expensive nature** of SonarQube limits access to advanced features and complicates setup. (7 reviews)
- Difficult Setup (6 reviews)
- Setup Difficulty (6 reviews)


## SonarQube Discussions
  - [What is the benefit of SonarQube?](https://www.g2.com/discussions/what-is-the-benefit-of-sonarqube)
  - [What are the main components of SonarQube platform?](https://www.g2.com/discussions/what-are-the-main-components-of-sonarqube-platform)
  - [What is SonarQube and its features?](https://www.g2.com/discussions/what-is-sonarqube-and-its-features)
  - [What is the best way to integrate a plugin for the code coverage?](https://www.g2.com/discussions/what-is-the-best-way-to-integrate-a-plugin-for-the-code-coverage) - 1 upvote
  - [test coverage](https://www.g2.com/discussions/31154-test-coverage) - 1 upvote

- [View SonarQube pricing details and edition comparison](https://www.g2.com/products/sonarqube/reviews?page=5&section=pricing&secure%5Bexpires_at%5D=2026-07-15+10%3A37%3A11+-0500&secure%5Bsession_id%5D=334efc71-18cb-4f54-9bea-13563252fab1&secure%5Btoken%5D=2a994614c95a3ea4c9404702bebb2f53229b94eda370a6668a6c435157ee6317&format=llm_user)
## SonarQube Integrations
  - [Android Studio](https://www.g2.com/products/android-studio/reviews)
  - [Apache Maven](https://www.g2.com/products/apache-maven/reviews)
  - [Atlassian](https://www.g2.com/products/atlassian-2025-01-31/reviews)
  - [AWS CodeBuild](https://www.g2.com/products/aws-codebuild/reviews)
  - [AWS CodePipeline](https://www.g2.com/products/aws-codepipeline/reviews)
  - [AWS CodePipeline for CI/CD Automation](https://www.g2.com/products/aws-codepipeline-for-ci-cd-automation/reviews)
  - [Azure DevOps Server](https://www.g2.com/products/azure-devops-server/reviews)
  - [Azure Pipelines](https://www.g2.com/products/azure-pipelines/reviews)
  - [Backstage](https://www.g2.com/products/backstage/reviews)
  - [Bitbucket](https://www.g2.com/products/bitbucket/reviews)
  - [CircleCI](https://www.g2.com/products/circleci/reviews)
  - [Claude](https://www.g2.com/products/claude-2025-12-11/reviews)
  - [CloudBees](https://www.g2.com/products/cloudbees/reviews)
  - [Codemagic](https://www.g2.com/products/codemagic/reviews)
  - [Copado DevOps](https://www.g2.com/products/copado-devops/reviews)
  - [Cortex](https://www.g2.com/products/cortex-automation-inc-cortex/reviews)
  - [Cursor](https://www.g2.com/products/cursor/reviews)
  - [Datadog](https://www.g2.com/products/datadog/reviews)
  - [Devin AI](https://www.g2.com/products/devin-ai/reviews)
  - [Docker](https://www.g2.com/products/docker-inc-docker/reviews)
  - [Drata](https://www.g2.com/products/drata/reviews)
  - [DX](https://www.g2.com/products/dx-platform/reviews)
  - [Dynatrace](https://www.g2.com/products/dynatrace/reviews)
  - [Eclipse](https://www.g2.com/products/tph-global-eclipse/reviews)
  - [Gemini](https://www.g2.com/products/gemini-2021-11-09/reviews)
  - [GitHub](https://www.g2.com/products/github/reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews)
  - [Google Cloud Console](https://www.g2.com/products/google-cloud-console/reviews)
  - [Google Cloud Tekton](https://www.g2.com/products/google-cloud-tekton/reviews)
  - [Gradle Build Tool](https://www.g2.com/products/gradle-build-tool/reviews)
  - [Harness](https://www.g2.com/products/harness-wealth-harness/reviews)
  - [IntelliJ IDEA](https://www.g2.com/products/intellij-idea/reviews)
  - [Jellyfish](https://www.g2.com/products/jellyfish-2018-10-15/reviews)
  - [Jenkins](https://www.g2.com/products/jenkins/reviews)
  - [JFrog](https://www.g2.com/products/jfrog-2024-03-28/reviews)
  - [Jira](https://www.g2.com/products/jira/reviews)
  - [LinearB](https://www.g2.com/products/linearb/reviews)
  - [Microsoft Visual Studio App Center](https://www.g2.com/products/microsoft-microsoft-visual-studio-app-center/reviews)
  - [MuleSoft Anypoint Platform](https://www.g2.com/products/mulesoft-anypoint-platform/reviews)
  - [npm](https://www.g2.com/products/npm/reviews)
  - [Oobeya](https://www.g2.com/products/oobeya/reviews)
  - [Port](https://www.g2.com/products/port-port/reviews)
  - [PyCharm](https://www.g2.com/products/pycharm/reviews)
  - [Python](https://www.g2.com/products/python/reviews)
  - [ServiceNow DevOps](https://www.g2.com/products/servicenow-devops/reviews)
  - [Slack](https://www.g2.com/products/slack/reviews)
  - [Travis CI](https://www.g2.com/products/travis-ci/reviews)
  - [Visual Studio](https://www.g2.com/products/visual-studio/reviews)
  - [Visual Studio Code](https://www.g2.com/products/visual-studio-code/reviews)
  - [Zed](https://www.g2.com/products/zed-zed/reviews)

## SonarQube Features
**Administration**
- API / Integrations
- Extensibility

**Functionality**
- Repository Integration
- Analytics and Trends
- Productivity Updates

**Bug Reporting**
- User Reports & Feedback
- Tester Reports & Feedback
- Team Reports & Comments

**Functionality - Software Composition Analysis **
- Language Support
- Integration
- Transparency

**Documentation**
- Feedback
- Prioritization
- Remediation Suggestions

**Risk management - Application Security Posture Management (ASPM)**
- Vulnerability Management
- Compliance Management
- Policy Enforcement

**Functionality - Software Bill of Materials (SBOM)**
- Format Support
- Annotations
- Attestation

**AI Compliance**
- Regulatory Reporting
- Automated Compliance

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Performance - AI AppSec Assistants**
- Remediation
- Real-time Vulnerability Detection
- Accuracy

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Management**
- Data Context
- Testing Integration

**Bug Monitoring**
- Analytics
- Bug History
- Data Retention

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Security**
- False Positives
- Custom Compliance
- Agility

**Integration and efficiency - Application Security Posture Management (ASPM)**
- Integration with Development Tools

**Management - Software Bill of Materials (SBOM)**
- Monitoring
- Dashboards
- User Provisioning

**Risk Management & Monitoring**
- Real-time Monitoring

**Integration - AI AppSec Assistants**
- Stack Integration
- Workflow Integration
- Codebase Contextual Awareness

**Security**
- Data Security
- Data loss Prevention
- Security Auditing

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Reporting and Analytics - Application Security Posture Management (ASPM)**
- Trend Analysis
- Risk Scoring
- Customizable Dashboards

**Agentic AI - Bug Tracking**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Identity**
- SSO
- Governance
- User Analytics

**Access Control and Security**
- Pole-based Access Control (RBAC)

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

**Agentic AI  - Application Security Posture Management (ASPM)**
- Autonomous Task Execution
- Multi-step Planning

**Agentic AI - AI Governance Tools**
- Autonomous Task Execution
- Multi-step Planning
- Cross-system Integration
- Adaptive Learning
- Natural Language Interaction
- Decision Making

## Top SonarQube Alternatives
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,312 reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (881 reviews)
  - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) - 3.8/5.0 (25 reviews)

